Weeping Angel: The latest surveillance tool, that can turn your smart TV into a bug TV

By: Nina Welt
On: September 25, 2017
About Nina Welt


   

 

The official logo of the CIA

Earlier this year, a revelation by Wikileaks called Vault7 refueled the privacy debate concerning intrusive media (Hacker News; The Verge, 2017). The series released documents on CIA activity between 2013 and 2016, showing how the intelligence agency gained access to encrypted smartphone applications, vehicle control systems, smart TVs and other devices in a disguised manner (WikiLeaks, 2017). This could enable the intelligence agency to listen and to record conversations, to take pictures, to temper with vehicles and to track users’ locations, completely unnoticed.

 

This might appear to be yet another overemphasized privacy threat similar to all the others before. Like when Edward Snowden blew the whistle on the NSA for example. Everybody seemed to be speaking about the issue. A movie was made. A man had to flee his country. And then there was silence. This issue is bigger. While the general public had their eyes on the debate concerning the worldwide data collection and analyzation by the NSA, the CIA built their very own technical espionage base, the Center for Cyber Intelligence Europe (CCIE). The CCIE is basically a hacker base in Frankfurt, Germany, covering operations in Europe, Africa and the Middle East. CIA agents in collaboration with the British MI5 programmed a streak of invasive implants, that can infiltrate a user’s device, change settings and turn it into a bug (WikiLeaks, 2017). One of these projects is called Weeping Angel.

From smart TV to bug TV

The Weeping Angel is a CIA project, famously named after an angel statue character from the TV series Doctor Who that turns into a monster when not looked at. This implant can be used on Samsung Smart TVs to set them into a Fake-Off mode when turned off by the user, to make them believe, their TV is off. Fake-Off mode turns the targeted device into a bug, that uses Samsung’s voice assistant as a covert microphone. The implant allows different bitrates, to record conversations in a higher or lower quality and wires the recordings through the WiFi of the TV to a disguised CIA web page, and then directly to CIA servers. While this can trigger uncanny feelings of paranoia, the implant is not actually that sophisticated yet (until 2014, when the documentation on Weeping Angel ends). The implant has to be physically installed by USB and can only infiltrate the F8000 model with specific firmware versions. It can be discovered by checking the blue light on the back of the TV, which the Fake-Off mode does not manage to force off (WikiLeaks; Hacker News; The Verge, 2017) . However, the Weeping Angel is a blatant example of the hacks that CIA and MI5 agents are working on to infiltrate media devices. Research shows, that there are many ways to infiltrate a smart TV, for example simply by the transmission of malware through terrestrial radio signals, eliminating the need to physically install the bug (Oren & Keromytis, 2014; Ars Technica,

When you are not looking the Weeping Angel turns into a scary monster. A nice metaphor on their hack by the CIA.

2017). “The increasing sophistication of surveillance techniques has drawn comparisons with George Orwell’s 1984” (WikiLeaks, 2017). The danger with bug-infested smart TVs lies in the voice assistant. The recorded conversations from voice assistants can enable voice profiling and reveal a ton of sensitive data. The uniqueness of the voice can even serve as an identifier just like a fingerprint (Piesing, 2013). Even from background noises persons could be identified as well as the environment they are currently in. This makes voice assistants great tools for surveillance.

 

We might be trading Privacy for Surveillance

The cry for privacy is not always accompanied by a definition of the concept. Indeed it is not an easy concept to define. If we follow the prominent definition by Westin (1967), privacy is the need for determining for oneself when, how and to what extent personal information is communicated to other parties. In Westins opinion, the current state of privacy furthers a development of a psychological barrier against intrusion, individuals will hold back parts of themselves and limit communication. But in reality, the opposite can be observed. It seems that users accept intrusive media more and more in return for access to services. It is a paradox situation: when asked, users state that they are highly concerned about their privacy, but their behavior tells a different story, as they are giving away extensive amounts of personal information (Barnes, 2006). Technology plays an important role in the uncertainty of privacy, since the home used to be a private sphere but with technology it has largely become the site of surveillance (Lyon, 1994).
But what makes surveillance so problematic? Some scholars would argue that surveillance is not necessarily a problem, it can be a tool for maintaining social order and economic management (Dinev, Hart & Mullen, 2008). “[I]ndividuals may feel that the government needs to be proactive in gathering and processing information about individuals in order to ensure a secure environment” (Dinev, Hart & Mullen, 220). This is a view one could only agree with if surveillance was seen in isolation from risk and future peril, but risk is a critical dimension of surveillance (Foucault, 1982). Totalitarian states like Nazi Germany or the Soviet Union and, as Agre (1994) states, to a lesser extent also the United States show a history of secret police services and networks of informers and recording devices.

This image shows the discvery of a hidden bug that was used to spy on citizens by recording conversations in the room.

So if countries have a history with surveillance practices, they will certainly have a future with them too. Only back in the day they had to force their technologies into the target households, like the Staatssicherheit (Ministry of State Security) did in the German Democratic Republic. Their practices are still frowned upon to this day. Today, the technologies that can serve as tools for surveillance are installed by ourselves. King (2003) states, that “[i]n a totalitarian state, the balance will favor disclosure and surveillance over individual privacy, whereas in a liberal democratic society the balance will ensure that there are limits on disclosure and surveillance in order to maintain individual privacy” (227). So if disclosure and surveillance is increasing with technologies like the Weeping Angel, does that mean we are moving towards a totalitarian society? Probably not if you ask ex-director of the CIA Michael Hayden, who scuffs at the question by Stephen Colbert whether or not the CIA is spying on citizens (CNBC, 2017). But a bitter taste remains as we now know that they could if they wanted to.

 

No need to be wary, but do be aware

Now, considering the role of the CIA in avoiding terrorism abroad and ensuring the security of the people, one might say that it is good and necessary for the agents to listen to conversations in the houses of terrorists. But there is no way of knowing for sure how and to what extent programs, like Weeping Angel, will be used by the CIA. And more importantly, the very existence of these implants is a danger to privacy, since they could fall into the hands of people who actually want to use them to harm others. And since there are no programs yet that cannot eventually be broken into, the danger of these implants being misused is high. Governmental interventions of this nature are very much symptomatic of the vacuous media use of society today. Users seem to care less and less about their media increasingly intruding their personal spaces. This in turn, allows for surveillance to enter through the backdoor, while privacy slowly disappears. The systems that can be so well employed for espionage are installed in our houses by ourselves, without questioning the implications thereof. This is not to say that we have to be conspicuous of governments and be paranoid in our everyday media use – but it is necessary to be aware of the possibilities, that these devices are enabling and that they will be employed one way or another.

The statue that gave their name to the CIA hack Weeping Angel.

If you enjoyed this article and you want to find out more about surveillance and personal identifying data, make sure to head over to this article about the new iPhone X and its Face ID feature: The Future of Mass Surveillance Is Here (and We Are Excited About It)

References

Agre, P. E. (1994). Surveillance and capture: Two models of privacy. The Information Society, 10(2), 101-127.

Barnes, S. B. (2006). A privacy paradox: Social networking in the United States. First Monday, 11(9).

Brandom, R. (2017, April 25). Here’s how to use the CIA’s ‘weeping angel’ smart TV hack. September 22, 2017, <https://www.theverge.com/2017/4/25/15421326/smart-tv-hacking-cia-samsung-weeping-angel-vulnerability>.

Dinev, T., Hart, P., & Mullen, M. R. (2008). Internet privacy concerns and beliefs about government surveillance–An empirical investigation. The Journal of Strategic Information Systems, 17(3), 214-233.

Foucault, M. (1982). The subject and power. Critical inquiry, 8(4), 777-795.

Khandelwal, S. (2017, March 07). WikiLeaks Exposed CIA’s Hacking Tools And Capabilities Details. September 21, 2017, <http://thehackernews.com/2017/03/wikileaks-cia-hacking-tool.html>.

King, I. (2003) On-line privacy in Europe—new regulation for cookies. Information & Communications Technology Law, 12(3), 225-236.

Lyon, D. (1994). The electronic eye: The rise of surveillance society. University of Minnesota Press.

Nguyen, N. (2017, March 09). If you have a smart TV, take a closer look at your privacy settings. September 21, 2017, <https://www.cnbc.com/2017/03/09/if-you-have-a-smart-tv-take-a-closer-look-at-your-privacy-settings.html>.

Oren, Y., & Keromytis, A. D. (2014). From the Aether to the Ethernet-Attacking the Internet using Broadcast Digital Television. In USENIX Security Symposium (pp. 353-368).

Piesing, M. (2013, February 13). The race to fingerprint the human voice. September 22, 2017, <http://www.independent.co.uk/news/science/the-race-to-fingerprint-the-human-voice-8493867.html>.

Westin, A. F. (1967). Privacy and freedom, atheneum. New York, 7.

WikiLeaks. (2017, March 07). Vault 7: CIA Hacking Tools Revealed. September 24, 2017, <https://wikileaks.org/ciav7p1/>.

Photos

BStU MfS. Abhöranlage (Wanze) in einer Privatwohnung. Germany: BStU MfS Abteilung 26. <http://www.demokratie-statt-diktatur.de/DSD/DE/Bilder/privatsphaere_wand_steckdose.jpg ;jsessionid=31BA7210DE246CFBA5F1FD40DF7272E3.1_cid319?__blob=normal>.

Wikimedia. CIA seal. Wikimedia Foundation. United States: Wikimedia. <https://upload.
wikimedia.org/wikipedia/commons/e/e6/Seal_of_the_U.S._Central_Intelligence_Agency.svg>

Fandom. Weeping Angel. Tardis Wikia. <https://vignette.wikia.nocookie.net/tardis/images/b/
be/Series5weepingangels.jpg/revision/latest?cb=20120204130846>.

IFL Science. The Weeping Angels. <http://cdn.iflscience.com/images/36acc2e0-8d19-5842-90ef-b99dc18ba71e/extra_large-1464368859-3197-physicists-demonstrate-weeping-angel-effect.jpg>.

 

Comments are closed.